Enhance interpolateParams to correctly handle placeholders

[rusher]

Enhance client side statement to correctly handle placeholders in queries with comments, strings, and backticks.

Add findParamPositions to identify real parameter positions
Update and expand related tests.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Replaced placeholder interpolation with a byte-wise state machine that only substitutes ? in normal SQL context (skipping strings, comments, backticks); unified escaping via a backslash-escape table and added optional _binary prefix handling; updated and extended tests to cover comment/string/backtick cases and binary escaping.

Changes

Cohort / File(s)	Summary
Connection parsing connection.go	Rewrote mysqlConn.interpolateParams to a single-pass state machine that recognizes normal text, single/double-quoted strings (with escapes), #/-- single-line comments, /* ... */ block comments, and backticks. ? is substituted only in normal state; enforces arg availability per placeholder and validates leftover args; small doc comment fix in mysqlConn.cleanup.
Connection tests connection_test.go	Removed TestInterpolateParamsPlaceholderInString; added TestInterpolateParamsWithComments table-driven tests covering placeholders inside --, #, /* */ comments, single-quoted strings, backticks, backslash-escaped strings, and multi-part queries including expected driver.ErrSkip cases.
Escaping utilities utils.go	Introduced backslashEscapeTable with init() and refactored escaping helpers: split backslash/quotes variants, added escapeStringBackslash, changed signatures to accept binary bool for byte-based functions, make functions add surrounding quotes and optionally prefix _binary.
Escaping tests utils_test.go	Updated test calls to new binary parameter and added binary-mode assertions (expect _binary prefix) while retaining non-binary expectations; added helper expectations for binary cases.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Reduce "busy buffer" logs #1641 — touches connection.go cleanup/close semantics; overlaps with the doc/comment and connection cleanup context changes.
• modernize for Go 1.22 #1695 — modifies escaping helpers in utils.go; closely related to the introduced backslash escape table and refactored escape functions.

Suggested reviewers

• shogo82148

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately captures the main enhancement: improving interpolateParams to handle placeholders correctly in complex query scenarios.
Description check	✅ Passed	The description clearly relates to the changeset by explaining the core purpose: handling placeholders in comments, strings, and backticks, with references to the new helper function and test updates.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

connection.go (2)

248-271: Consider using idiomatic Go constant definitions.

The byte constants use runtime conversions and non-standard naming. Consider defining them as proper constants:

-var (
-    QUOTE_BYTE         = byte('\'')
-    DBL_QUOTE_BYTE     = byte('"')
-    BACKSLASH_BYTE     = byte('\\')
-    QUESTION_MARK_BYTE = byte('?')
-    SLASH_BYTE         = byte('/')
-    STAR_BYTE          = byte('*')
-    HASH_BYTE          = byte('#')
-    MINUS_BYTE         = byte('-')
-    LINE_FEED_BYTE     = byte('\n')
-    RADICAL_BYTE       = byte('`')
-)
+const (
+    quoteByte        = '\''
+    dblQuoteByte     = '"'
+    backslashByte    = '\\'
+    questionMarkByte = '?'
+    slashByte        = '/'
+    starByte         = '*'
+    hashByte         = '#'
+    minusByte        = '-'
+    lineFeedByte     = '\n'
+    backtickByte     = '`'
+)

---

272-274: Simplify slice initialization.

The slice initialization can be simplified for better readability:

-paramPositions := make([]int, 0)
+var paramPositions []int

connection_test.go (1)

206-214: Consider adding edge case test coverage.

While the current test cases are comprehensive, consider adding tests for additional edge cases:

// Escaped quotes in strings
{"SELECT 'don\\'t', ?", []driver.Value{int64(42)}, "SELECT 'don\\'t', 42", false},
// Double-quoted strings
{"SELECT \"?\", ?", []driver.Value{int64(42)}, "SELECT \"?\", 42", false},
// Nested quotes
{"SELECT \"It's a string\", ?", []driver.Value{int64(42)}, "SELECT \"It's a string\", 42", false},
// Comment without newline at end
{"SELECT ? -- comment", []driver.Value{int64(42)}, "SELECT 42 -- comment", false},

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 76c00e3 and 50f682d.

📒 Files selected for processing (2)

• connection.go (5 hunks)
• connection_test.go (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: shogo82148
PR: go-sql-driver/mysql#1576
File: CHANGELOG.md:1-6
Timestamp: 2024-07-26T20:55:56.049Z
Learning: PRs #1562 and #1570 in the go-sql-driver/mysql repository collectively address the same underlying issue related to fixing a race condition when a context is canceled, as documented in the CHANGELOG.md for version 1.8.1.

connection.go (1)

Learnt from: shogo82148
PR: go-sql-driver/mysql#1576
File: CHANGELOG.md:1-6
Timestamp: 2024-07-26T20:55:56.049Z
Learning: PRs #1562 and #1570 in the go-sql-driver/mysql repository collectively address the same underlying issue related to fixing a race condition when a context is canceled, as documented in the CHANGELOG.md for version 1.8.1.

🧬 Code Graph Analysis (1)

connection_test.go (1)

dsn.go (1)

• Config (37-84)

⏰ Context from checks skipped due to timeout of 90000ms (20)

• GitHub Check: test (windows-latest, 1.24, mariadb-10.11)
• GitHub Check: test (windows-latest, 1.24, mariadb-10.6)
• GitHub Check: test (windows-latest, 1.24, mariadb-11.2)
• GitHub Check: test (ubuntu-latest, 1.24, mariadb-10.11)
• GitHub Check: test (macos-latest, 1.24, mariadb-10.11)
• GitHub Check: test (macos-latest, 1.24, mariadb-10.6)
• GitHub Check: test (ubuntu-latest, 1.24, mariadb-10.5)
• GitHub Check: test (windows-latest, 1.24, 9.0)
• GitHub Check: test (macos-latest, 1.24, mariadb-11.2)
• GitHub Check: test (ubuntu-latest, 1.24, mariadb-10.6)
• GitHub Check: test (macos-latest, 1.24, 9.0)
• GitHub Check: test (ubuntu-latest, 1.24, mariadb-11.1)
• GitHub Check: test (macos-latest, 1.24, 8.0)
• GitHub Check: test (ubuntu-latest, 1.24, 5.7)
• GitHub Check: test (ubuntu-latest, 1.24, mariadb-11.4)
• GitHub Check: test (ubuntu-latest, 1.24, 9.0)
• GitHub Check: test (ubuntu-latest, 1.24, mariadb-11.2)
• GitHub Check: test (ubuntu-latest, 1.24, 8.4)
• GitHub Check: lint
• GitHub Check: Analyze (go)

🔇 Additional comments (5)

connection.go (4)

248-341: Excellent state machine implementation for SQL parsing.

The findParamPositions function implements a comprehensive state machine that correctly handles various SQL contexts including comments (--, #, /* */), string literals, backticks, and escape sequences. The logic properly tracks state transitions and accurately identifies real parameter placeholders while ignoring those inside comments or strings.

The handling of the noBackslashEscapes flag is particularly well done, respecting MySQL's SQL mode settings.

---

344-348: Improved parameter counting logic.

The change from simple character counting to using findParamPositions is a significant improvement. The function now correctly validates that the number of real parameters matches the number of arguments before attempting interpolation.

---

400-404: Simplified and consistent escaping logic.

The refactored escaping logic using the noBackslashEscapes flag is cleaner and more consistent. The conditional logic is now easier to understand and maintain across different data types (JSON, bytes, strings).

Also applies to: 411-415, 420-424

---

362-435: Correct implementation of position-based parameter replacement.

The new interpolation loop correctly processes parameters based on their actual positions in the query rather than simple sequential replacement. The lastIdx tracking ensures that query segments are properly appended between parameter substitutions.

connection_test.go (1)

190-236: Comprehensive test coverage for enhanced parameter interpolation.

The TestInterpolateParamsWithComments test provides excellent coverage of the new parameter parsing logic. It correctly tests:

1. Single-line comments with -- and #
2. Multi-line comments with /* */
3. String literals with single quotes
4. Backtick identifiers
5. Complex queries with multiple comment types
6. Error cases where parameter count doesn't match argument count

The test case on line 216 correctly expects driver.ErrSkip because there are 4 real placeholders but only 3 arguments provided.

[coveralls]

coverage: 82.737% (+0.1%) from 82.596% — rusher:InterpolateParams into go-sql-driver:master

[methane]

Please run BenchmarkInterpolation and write the results.

Is this algorithm identical to the MySQL or MariaDB? And are there examples of this algorithm implemented in other database drivers?

[rusher]

force push implementation with performance improvement.

current implementation :

Running tool: /usr/bin/go test -benchmem -run=^$ -bench ^BenchmarkInterpolation$ github.com/go-sql-driver/mysql

goos: linux
goarch: amd64
pkg: github.com/go-sql-driver/mysql
cpu: 11th Gen Intel(R) Core(TM) i9-11900K @ 3.50GHz
BenchmarkInterpolation-16    	 4036990	       297.6 ns/op	     176 B/op	       1 allocs/op

initial proposal:

BenchmarkInterpolation-16    	 2726235	       442.5 ns/op	     296 B/op	       5 allocs/op

new proposal:

BenchmarkInterpolation-16    	 4092514	       295.5 ns/op	     176 B/op	       1 allocs/op

There is only one loop now, and escaping methods for parameters have been improved.

about other driver using that :

• MariaDB java driver
• MariaDB node.js driver
• MySQL Java driver
• ...
  (all driver does that one way or another, or it might result of a Poor Little Bobby Tables)

[rusher]

I hope this is included fast, since it's a security risk. proper client side statement must be handled well.

This is particulary dangerous when InterpolateParams and MultiStatements are enable :

for example, a query like select * /* ? */ from mytable where id = ? with parameter like ['*/ from mytable; delete * from mysql.user --/*', 1 ]
will result in deleting mysql.user table. SQL injection issue must be handle quickly

[rusher]

is there anything to do still to be merged ?

[methane]

time.
I don't intend to merge this in current series (v1.9) because it brings major behavior change.

I plan to release v1.9.4 next month, followed by creating a branch for v1.9 and beginning to incorporate changes for v1.10 into the master branch.

[Copilot]

Pull request overview

This PR improves client-side parameter interpolation so that ? placeholders are only substituted when they appear in real SQL parameter positions (not inside comments, string literals, or backtick-quoted identifiers), and updates escaping helpers/tests accordingly.

Changes:

• Reworked mysqlConn.interpolateParams to scan SQL and ignore ? inside comments/strings/backticks.
• Updated escaping helpers to consistently emit quoted literals (and _binary'...' for byte slices) and expanded tests.
• Added new interpolation tests covering comments, strings, backticks, and escaped strings.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
connection.go	Adds a state-machine parser for interpolateParams to avoid substituting ? inside comments/strings/backticks.
connection_test.go	Adds new tests validating interpolation behavior with comments/strings/backticks and removes the prior “skip” expectation for ? in strings.
utils.go	Refactors escaping to include proper quoting and optional _binary prefix; adds a shared backslash escape lookup table.
utils_test.go	Updates/expands tests for new escaping behavior, including binary _binary'...' cases.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

-- single-line comments in MySQL only start when the second - is followed by whitespace/control (e.g. -- ). The current check enters stateEOLComment whenever two consecutive - appear, which will misparse expressions like SELECT 1--1, ? as a comment and can cause placeholders to be skipped/ErrSkip. Update the detection to require a following whitespace/control character (or end-of-input) before switching to stateEOLComment.

Suggested change

	if state == stateNormal && lastChar == MINUS_BYTE {
	if state == stateNormal && lastChar == MINUS_BYTE &&
	(i+1 == lenQuery || query[i+1] <= ' ') {

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

connection.go (1)

259-270: Prefer const with idiomatic Go naming for these byte literals.

These single-byte literals never change, so they should be const, not var. Go style also prefers camelCase (or a single untyped char literal used inline) over SCREAMING_SNAKE_CASE. Declaring them as var forces heap/stack allocations and locks you out of use in constant contexts.

♻️ Suggested refactor

-	var (
-		QUOTE_BYTE         = byte('\'')
-		DBL_QUOTE_BYTE     = byte('"')
-		BACKSLASH_BYTE     = byte('\\')
-		QUESTION_MARK_BYTE = byte('?')
-		SLASH_BYTE         = byte('/')
-		STAR_BYTE          = byte('*')
-		HASH_BYTE          = byte('#')
-		MINUS_BYTE         = byte('-')
-		LINE_FEED_BYTE     = byte('\n')
-		BACKTICK_BYTE      = byte('`')
-	)
+	const (
+		quoteByte        byte = '\''
+		dblQuoteByte     byte = '"'
+		backslashByte    byte = '\\'
+		questionMarkByte byte = '?'
+		slashByte        byte = '/'
+		starByte         byte = '*'
+		hashByte         byte = '#'
+		minusByte        byte = '-'
+		lineFeedByte     byte = '\n'
+		backtickByte     byte = '`'
+	)

(References further down in the function would need to be updated accordingly.)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@connection.go` around lines 259 - 270, The byte literals declared as vars
(QUOTE_BYTE, DBL_QUOTE_BYTE, BACKSLASH_BYTE, QUESTION_MARK_BYTE, SLASH_BYTE,
STAR_BYTE, HASH_BYTE, MINUS_BYTE, LINE_FEED_BYTE, BACKTICK_BYTE) should be
converted to untyped package-level consts and renamed to idiomatic camelCase
(e.g., quoteByte, dblQuoteByte, backslashByte, questionMarkByte, slashByte,
starByte, hashByte, minusByte, lineFeedByte, backtickByte); change the
declarations from var to const and update all references in this file/function
to use the new constant names so they can be used in constant contexts and avoid
unnecessary allocations.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@connection.go`:
- Around line 305-308: The parser treats a second dash as starting an EOL
comment unconditionally; update the branch handling MINUS_BYTE (where it checks
state == stateNormal && lastChar == MINUS_BYTE) to peek the next byte (or detect
EOF) and only transition to stateEOLComment when that following byte is
whitespace/control (space, tab, newline, other control) or EOF; otherwise leave
it as normal SQL (so placeholders like ? are not skipped and argPos remains
correct, avoiding driver.ErrSkip). Locate the MINUS_BYTE case in the state
machine in connection.go and add the lookahead/whitespace-or-EOF check before
setting state = stateEOLComment.

---

Nitpick comments:
In `@connection.go`:
- Around line 259-270: The byte literals declared as vars (QUOTE_BYTE,
DBL_QUOTE_BYTE, BACKSLASH_BYTE, QUESTION_MARK_BYTE, SLASH_BYTE, STAR_BYTE,
HASH_BYTE, MINUS_BYTE, LINE_FEED_BYTE, BACKTICK_BYTE) should be converted to
untyped package-level consts and renamed to idiomatic camelCase (e.g.,
quoteByte, dblQuoteByte, backslashByte, questionMarkByte, slashByte, starByte,
hashByte, minusByte, lineFeedByte, backtickByte); change the declarations from
var to const and update all references in this file/function to use the new
constant names so they can be used in constant contexts and avoid unnecessary
allocations.

🪄 Autofix (Beta)

❌ Autofix failed (check again to retry)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 55b987d1-c065-411c-acdd-8acb540fcf5f

📥 Commits

Reviewing files that changed from the base of the PR and between 66edfad and a92656e.

📒 Files selected for processing (1)

• connection.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

MySQL double-dash comment syntax whitespace requirement documentation

💡 Result:

Yes, MySQL requires a whitespace character (such as space, tab, or newline) immediately after the second dash in the double-dash (--) comment syntax for it to be recognized as a comment. Without it, -- is not treated as a comment start, allowing expressions like balance--1 to be parsed correctly as subtraction rather than commenting out the rest of the line. This is explicitly stated in official MySQL documentation across versions, including the current MySQL 8.4 and 9.x manuals: - In the Comments section: "In MySQL, the -- (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character, such as a space or tab." - In the Restrictions section: "the -- start-comment sequence is accepted as such, but must be followed by a whitespace character such as a space or newline." The requirement prevents issues in generated SQL, like UPDATE balance=balance--1 being misinterpreted without the space. Examples: - Valid: SELECT 1 -- comment - Invalid as comment: SELECT 1--comment (treated as identifier or operator)

Citations:

• 1: https://dev.mysql.com/doc/mysql-reslimits-excerpt/8.0/en/ansi-diff-comments.html
• 2: https://dev.mysql.com/doc/refman/9.5/en/comments.html
• 3: https://dev.mysql.com/doc/refman/en/comments.html
• 4: https://dev.mysql.com/doc/en/comments.html

---

🏁 Script executed:

fd -t f "connection.go" --type f

Repository: go-sql-driver/mysql

Length of output: 76

---

🏁 Script executed:

cat -n connection.go | sed -n '295,320p'

Repository: go-sql-driver/mysql

Length of output: 905

---

🏁 Script executed:

cat -n connection.go | head -100 | tail -40

Repository: go-sql-driver/mysql

Length of output: 1562

---

🏁 Script executed:

cat -n connection.go | sed -n '200,250p'

Repository: go-sql-driver/mysql

Length of output: 1531

---

🏁 Script executed:

cat -n connection.go | sed -n '248,350p'

Repository: go-sql-driver/mysql

Length of output: 3328

---

🏁 Script executed:

cat -n connection.go | sed -n '350,380p'

Repository: go-sql-driver/mysql

Length of output: 1079

---

🏁 Script executed:

cat -n connection.go | sed -n '380,420p'

Repository: go-sql-driver/mysql

Length of output: 1190

---

-- comment detection requires whitespace check after second dash to match MySQL/MariaDB behavior.

MySQL/MariaDB only recognize -- as an end-of-line comment when the second dash is followed by whitespace (space, tab, control character), or EOF. Without this check, expressions like SELECT 5--2 FROM t WHERE x = ? are incorrectly parsed: the --2 FROM... is treated as a comment, the ? placeholder is skipped, argPos ends up less than len(args), and the function returns driver.ErrSkip. The query executes via server-side prepare, but you lose the client-side parameter interpolation fast path.

Add a whitespace/control/EOF check after the second dash before transitioning to stateEOLComment.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@connection.go` around lines 305 - 308, The parser treats a second dash as
starting an EOL comment unconditionally; update the branch handling MINUS_BYTE
(where it checks state == stateNormal && lastChar == MINUS_BYTE) to peek the
next byte (or detect EOF) and only transition to stateEOLComment when that
following byte is whitespace/control (space, tab, newline, other control) or
EOF; otherwise leave it as normal SQL (so placeholders like ? are not skipped
and argPos remains correct, avoiding driver.ErrSkip). Locate the MINUS_BYTE case
in the state machine in connection.go and add the lookahead/whitespace-or-EOF
check before setting state = stateEOLComment.

[coderabbitai]

♻️ Duplicate comments (1)

connection.go (1)

293-308: ⚠️ Potential issue | 🟡 Minor

Tighten paired comment delimiter detection.

Using lastChar across state transitions can misclassify valid SQL. After closing a block comment, lastChar remains /, so SELECT 1/**/*? is parsed as entering a second block comment at the * operator and the real placeholder is skipped. The same branch still treats every -- as a comment start; MySQL/MariaDB require whitespace/control/EOF after the second dash, which was already flagged in an earlier review.

Suggested targeted fix

+	isSpaceOrControl := func(c byte) bool {
+		return c <= ' '
+	}
+
 	for i := 0; i < lenQuery; i++ {
 		currentChar := query[i]
@@
 		case SLASH_BYTE:
 			if state == stateSlashStarComment && lastChar == STAR_BYTE {
 				state = stateNormal
+				lastChar = 0
+				continue
 			}
@@
 		case MINUS_BYTE:
-			if state == stateNormal && lastChar == MINUS_BYTE {
+			if state == stateNormal && lastChar == MINUS_BYTE &&
+				(i+1 == lenQuery || isSpaceOrControl(query[i+1])) {
 				state = stateEOLComment
 			}

MySQL documentation double dash comment syntax requires whitespace or control character after second dash

Also applies to: 412-412

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@connection.go` around lines 293 - 308, The parser is misclassifying
delimiters because it relies on a stale lastChar across state transitions (e.g.,
STAR_BYTE/SLASH_BYTE pair and MINUS_BYTE handling), so change the logic to use
an explicit previous-byte (or peek) directly adjacent to the current byte rather
than a potentially stale lastChar: for the STAR_BYTE/SLASH_BYTE pair ensure you
check the immediately preceding byte only when in stateNormal and when
entering/exiting stateSlashStarComment reset or update the previous-byte so it
cannot spuriously trigger on the next token (e.g., when closing a block comment
clear prev/last byte); for MINUS_BYTE handling (the "--" case) only treat it as
stateEOLComment when the second dash is followed by whitespace/control/EOF
(implement a one-byte lookahead or a state that remembers a single leading dash
and validates the next char) and similarly keep HASH_BYTE behavior unchanged
except using the explicit prev/peek logic instead of relying on lastChar.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@connection.go`:
- Around line 293-308: The parser is misclassifying delimiters because it relies
on a stale lastChar across state transitions (e.g., STAR_BYTE/SLASH_BYTE pair
and MINUS_BYTE handling), so change the logic to use an explicit previous-byte
(or peek) directly adjacent to the current byte rather than a potentially stale
lastChar: for the STAR_BYTE/SLASH_BYTE pair ensure you check the immediately
preceding byte only when in stateNormal and when entering/exiting
stateSlashStarComment reset or update the previous-byte so it cannot spuriously
trigger on the next token (e.g., when closing a block comment clear prev/last
byte); for MINUS_BYTE handling (the "--" case) only treat it as stateEOLComment
when the second dash is followed by whitespace/control/EOF (implement a one-byte
lookahead or a state that remembers a single leading dash and validates the next
char) and similarly keep HASH_BYTE behavior unchanged except using the explicit
prev/peek logic instead of relying on lastChar.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2c737be8-d927-4233-8aa3-b09fc3edd6f9

📥 Commits

Reviewing files that changed from the base of the PR and between a92656e and a2ac430.

📒 Files selected for processing (2)

• connection.go
• connection_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• connection_test.go

[methane]

@copilot make these const

[methane]

please fix 2--1 and /* ... */* ... issues.